2. How is the knowledge presented? One challenge with predictive analytics is that the algorithms are complex and provide raw data that require a trained eye to interpret. For predictive analytics to be practical and usable, security professionals should look for solutions that automatically present and explain findings, and recommend next steps in an easy-to-understand format. With these insights, existing security teams can have the confidence to act upon the analysis and improve controls, protection, and remediation, without having to rely on highly trained experts. In this era when the security industry is plagued by a dearth of skilled security professionals, tools that are automated and accessible are essential.
3. How is the knowledge used? When integrated with existing security techniques, predictive analytics can help to make defenses more accurate and capable of detecting unknown or unusual behavior on the network. Predictive analytics involves advanced decision-making algorithms that analyse multiple parameters and take in live traffic data, as well as machine learning capabilities that allow the system to learn and adapt based on what it sees.
Machine learning systems identify potential threat areas and look for evidence of incidents that have taken place, are under way, or may be imminent. Though they do not necessarily handle security or policy enforcement, they can provide continuous intelligence to other systems (such as content-based security solutions, perimeter management solutions, and policy management solutions) to find unexpected threats. This will then lead to the prioritisation of controls, protection, and remediation. Policies and controls change in anticipation of a potential threat, reducing effort and improving efficiency.
In order to break the threat cycle, we need technologies that are equipped with the visibility and intelligence to keep up with dynamic environments. Security professionals should begin to prepare for the emerging area of predictive analytics by understanding the underpinnings of predictive technologies. Only then can we make more informed decisions that will result in tools that can truly help increase the resilience of our security solutions, scale controls over time, and create a more secure future.